SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes |
20 | 10 | 0 | 0 |
org.apache.rat.mp.AbstractRatMojo
Bug | Category | Details | Line | Priority |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 486 | Medium |
org.apache.rat.mp.RatCheckMojo
Bug | Category | Details | Line | Priority |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 238 | Medium |
Exception is caught when Exception is not thrown in org.apache.rat.mp.RatCheckMojo.check(ReportConfiguration) | STYLE | REC_CATCH_EXCEPTION | 209 | Medium |
org.apache.rat.mp.RatReportMojo
Bug | Category | Details | Line | Priority |
org.apache.rat.mp.RatReportMojo.getSink() may expose internal representation by returning RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP | 331 | Medium |
org.apache.rat.mp.RatReportMojo.generate(Sink, SinkFactory, Locale) may expose internal representation by storing an externally mutable object into RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP2 | 261 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 142 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 281 | Medium |
org.apache.rat.mp.Regex
Bug | Category | Details | Line | Priority |
Format string should use %n rather than \n in org.apache.rat.mp.Regex.set(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 37 | Medium |
Format string should use %n rather than \n in org.apache.rat.mp.Regex.setExpression(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 33 | Medium |
org.apache.rat.plugin.HelpMojo
Bug | Category | Details | Line | Priority |
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |